Background Information

On Monday, June 19, 2017, Qualys announced memory handling vulnerabilities in a number of software distributions, including a vulnerability that could leverage a bug in the Exim software to achieve a local privilege escalation to root.

Impact

Vulnerable versions of Exim can be susceptible to local privilege escalation to root.

Releases

Updates to prevent this Exim issue are currently in progress. This page will be updated as new versions become available.

TIER       VERSION
64         64.0.30
62         IN PROGRESS
60         IN PROGRESS
58         IN PROGRESS
56         IN PROGRESS
EDGE       IN PROGRESS
CURRENT    64.0.30
RELEASE    IN PROGRESS
STABLE     IN PROGRESS

How to determine if your server is up to date

The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

rpm -q --changelog exim | grep CVE-2017-1000369

The output should resemble the following:

- Applied patch for CVE-2017-1000369
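
The command above prints nothing both when Exim is unpatched and when the exim package is not installed at all, so a scripted check across several servers should tell the two apart. The following is an added example, not part of cPanel's advisory: the function names and the --check/--selftest flags are hypothetical, the sample changelog is constructed, and it assumes rpm's English "package exim is not installed" message (forced with LC_ALL=C).

```shell
#!/bin/sh
# Added example (not cPanel's code): three-state check for the Exim fix.
CVE="CVE-2017-1000369"

# classify_changelog: reads `rpm -q --changelog exim` output on stdin and
# prints exactly one of: patched | unpatched | not-installed
classify_changelog() {
    changelog=$(cat)
    # rpm reports a missing package as a single line; match the whole output
    # so a changelog entry containing similar words is not misread.
    if [ "$changelog" = "package exim is not installed" ]; then
        echo "not-installed"
    elif printf '%s\n' "$changelog" | grep -q -- "$CVE"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# check_host: query the local RPM database (hypothetical wrapper).
check_host() {
    LC_ALL=C rpm -q --changelog exim 2>&1 | classify_changelog
}

# Constructed sample changelog, used only by --selftest.
SAMPLE_PATCHED='* Tue Jun 20 2017 Constructed Packager <pkg@example.invalid>
- Applied patch for CVE-2017-1000369'

case "${1:-}" in
    --check)
        state=$(check_host)
        echo "exim: $state"
        # Exit non-zero unless the fix is present, so cron or a fleet
        # runner can flag hosts that still need the update.
        [ "$state" = "patched" ] || exit 1
        ;;
    --selftest)
        printf '%s\n' "$SAMPLE_PATCHED" | classify_changelog
        ;;
esac
```
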

What to do if you are not up to date

If your server is not running one of the above versions, update immediately.
